On 23/08/11 05:56, Mike Perry wrote: >> FWIW, there are many ways to track a browser cross-site and across >> restarts, even if you have javascript and cookies and flash cookies >> disabled. I recently blogged about a bunch of them which abuse the >> browser cache here: >> >> https://grepular.com/Preventing_Web_Tracking_via_the_Browser_Cache > > None of this is news. > > FYI, Torbutton traditionally handled both HTTP auth and cache through > the toggle feature. I've since realized that the toggle model was > broken, and we've been trying to supplant it in the 2.2.x Tor Browser > Bundles: If you read the article, you'll see that clearing the cache on toggle isn't enough. The cache should be completely disabled. If not, you could visit sitea.com, then visit siteb.com, and they could easily figure out that you're the same person. Even if you're coming from a different Tor exit node, even if you clear cookies inbetween. That is unless you have the patience to only visit one site at a time, and toggle off/on between each different site visit. -- Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk